Authentication is rapidly becoming a critical issue in distributed processing networks in view of the increasing frequency of hacking and other security violations. Authentication refers generally to the process of verifying the identity of a user and/or a user's eligibility to access an object. A common way to authenticate a user in a computational environment is by the use of credentials.
Credentials refer to information that uniquely identifies a user. Credentials include not only fingerprints, retinal scans, facial thermography, and other biometrics but also unique sequences or patterns of numeric, alphabetical, and alphanumeric characters, such as digital certificates or keys, electromagnetic signatures, and smart cards. Credentials can also be used to transform or encrypt data into an unintelligible form in such a way that the original data either cannot be obtained or can be obtained only by using a decryption process.
A digital certificate is an electronic means of establishing a user's credentials from a remote location. It is issued by a certification authority. It typically contains the holder's name, a serial number, an expiration date, the certificate holder's public key (used for encrypting messages and for digital signatures), and the digital signature of the certificate-issuing authority. A digital certificate, in conjunction with cryptographic tools, reliably and uniquely identifies a specific user on the network, regardless of where the user is located or what application the user is using.
Smart cards comprise embedded integrated circuits that store information in electronic form. Smart cards use personal identification numbers, biometrics, and encryption methods to authenticate a user. Smart cards communicate with an external reader, which can be a computer system, a cash register, or any other type of input device. The information stored on the smart card is accessed by the reader by either direct contact or wirelessly, such as by radio signals.
Against the backdrop of ever-increasing network security measures being implemented in many computational environments, there are a number of network nodes connected directly or indirectly to the network that have weak or no security and can compromise the strong security measures in place in other nodes or network components. For example, Internet Protocol (IP) hardware-controlled phones, or IP hard phones, and conventional digital phones have, at best, only limited security capabilities. Typically, when security is available it is nothing more than an extension number associated with a subscriber together with either a keypad-entered password, in which each character is drawn from only 12 possible keypad values (as opposed to a PC keyboard that offers 96 ASCII values for each character), or a burned-in Media Access Control or MAC address. Passwords drawn from such a 12-character alphabet are quickly and easily compromised using existing decoding algorithms. Moreover, it is the node itself that is authenticated and not the subscriber.
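The keyspace comparison above can be made concrete. The following is an added example, not part of the patent text, that quantifies a keypad-entered password against a keyboard-entered one using the alphabet sizes the text gives (12 and 96) and generalizes to any alphabet and length; the lockout-window check assumes a hypothetical policy allowing a fixed number of attempts.

```python
import math
from fractions import Fraction

# Alphabet sizes taken from the text: 12 values per character on a phone
# keypad versus 96 ASCII values per character on a PC keyboard.
KEYPAD_SYMBOLS = 12
KEYBOARD_SYMBOLS = 96


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly chosen secret of `length` symbols
    drawn from an alphabet of `alphabet_size` symbols."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("alphabet must have >= 2 symbols and length >= 1")
    return length * math.log2(alphabet_size)


def equivalent_length(src_alphabet: int, src_length: int, dst_alphabet: int) -> int:
    """Smallest length over `dst_alphabet` whose keyspace is at least as
    large as `src_length` symbols over `src_alphabet`.  The small epsilon
    guards against floating-point noise when the two alphabets coincide."""
    bits = keyspace_bits(src_alphabet, src_length)
    return math.ceil(bits / math.log2(dst_alphabet) - 1e-9)


def guess_success_probability(alphabet_size: int, length: int,
                              attempts_allowed: int) -> Fraction:
    """Exact probability that an attacker limited to `attempts_allowed`
    distinct guesses (e.g. by a lockout policy; assumed, not from the text)
    hits a uniformly chosen secret within that window."""
    total = alphabet_size ** length
    return Fraction(min(attempts_allowed, total), total)


def compare_keypad_to_keyboard(keypad_length: int, keyboard_length: int) -> dict:
    """Summarize how a keypad password of `keypad_length` compares with a
    keyboard password of `keyboard_length` on the text's two alphabets."""
    return {
        "keypad_bits": round(keyspace_bits(KEYPAD_SYMBOLS, keypad_length), 2),
        "keyboard_bits": round(keyspace_bits(KEYBOARD_SYMBOLS, keyboard_length), 2),
        # keyboard characters giving at least the keypad password's keyspace
        "keypad_as_keyboard_chars": equivalent_length(KEYPAD_SYMBOLS, keypad_length, KEYBOARD_SYMBOLS),
        # keypad characters needed to match the keyboard password's keyspace
        "keyboard_as_keypad_chars": equivalent_length(KEYBOARD_SYMBOLS, keyboard_length, KEYPAD_SYMBOLS),
    }


if __name__ == "__main__":
    # A 12-character keypad password is worth only about 7 keyboard characters.
    print(compare_keypad_to_keyboard(keypad_length=12, keyboard_length=8))
    print(guess_success_probability(KEYPAD_SYMBOLS, 4, attempts_allowed=10))
```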
There is an urgent need to address this issue, in view of not only increasing numbers of security violations but also the introduction of new protocols, such as 802.1X and the Session Initiation Protocol or SIP. The 802.1X protocol is a Layer 2 security protocol that requires a network node to perform authentication before enabling the node to access data. SIP, for effective tracking of presence, requires automated tracking of subscribers.